Cyberattack on largest US Catholic health care system part of rising criminal trend

May 14, 2024 at 11:52 a.m.
This is a general view of a sign in front of the main entrance to Ascension St. John Hospital in Detroit May 10, 2023. In a May 9, 2024, statement, Ascension reported it had experienced a suspected cyberattack the day before, causing a disruption to some of the Catholic health care system's services. (OSV News photo/Emily Elconin, Reuters)
This is a general view of a sign in front of the main entrance to Ascension St. John Hospital in Detroit May 10, 2023. In a May 9, 2024, statement, Ascension reported it had experienced a suspected cyberattack the day before, causing a disruption to some of the Catholic health care system's services. (OSV News photo/Emily Elconin, Reuters) (Emily Elconin)

By Gina Christian, OSV News

OSV News – The nation's largest Catholic health care system reported it experienced what it called a "cybersecurity incident" May 8, resulting in "a disruption to clinical operations." The cyberattack is part of a rising and dangerous criminal trend targeting the entire health care sector.

In a May 9 update posted to its website, Ascension said it had "detected unusual activity" in its network systems and was "working around the clock with internal and external advisors to investigate, contain, and restore our systems following a thorough validation and screening process."

The attack rendered unavailable Ascension's electronic health records system, along with "some phone systems, and various systems utilized to order certain tests, procedures and medications," according to the update.

Ascension said it had "temporarily paused" some nonemergency elective procedures, tests and appointments "out of an abundance of caution" while working to "bring systems back online."

"Due to downtime procedures, several hospitals are currently on diversion for emergency medical services in order to ensure emergency cases are triaged immediately," Ascension said.

"Safely caring for patients remains our highest priority as we navigate this cybersecurity incident," the health care system added. "We are actively supporting our ministries as they continue to provide safe, patient care with established downtime protocols and procedures, in which our workforce is well trained."

Ascension said it anticipated "utilizing downtime procedures for some time," and advised patients to "bring to their appointment notes on their symptoms and a list of current medications and prescription numbers or the prescription bottles so their care team can call in medication needs to pharmacies."

The health care sector is "particularly vulnerable" to cybersecurity attacks, according to the U.S. Department of Health and Human Services.

A recent HHS strategy report noted that health care facilities "are attractive targets for cyber criminals in light of their size, technological dependence, sensitive data, and unique vulnerability to disruptions."

Cyberattacks against health care systems are on the rise, according to the HHS, citing a 93% increase from 2018 to 2022.

HHS collaborates with the nation's Cybersecurity and Infrastructure Security Agency and Health Sector Coordinating Council Cybersecurity Working Group to strengthen defenses against such breaches.

The agencies collectively stress the need to be vigilant for attempts to gain unauthorized access to systems, denial of service (DOS) attacks lasting more than 12 hours, malicious code, email or mobile messages associated with phishing attempts, and ransomware targeting critical infrastructure.

Headquartered in St. Louis, the nonprofit Ascension was initially formed as Ascension Health in 1999 by the Daughters of Charity National Health System and the Sisters of St. Joseph Health System, joined by the Carondelet Health System in 2002.

Over the years, a number of health care organizations have joined Ascension, which now operates at more than 2,600 sites in 19 states and the District of Columbia.

Ascension's original sponsoring organizations were the St. Louise Province of the Daughters of Charity of St. Vincent de Paul, the Sisters of St. Joseph of Nazareth (now part of Congregation of St. Joseph), the Congregation of the Sisters of St. Joseph of Carondelet, the Congregation of Alexian Brothers and the Sisters of the Sorrowful Mother.

In 2011, the Vatican approved the creation of a canon law entity known as a "public juridic person" as the sole sponsor of Ascension, assuring the health care system "as a ministry will be sustained and strengthened over time, with both religious and lay persons serving as members," according to Ascension's website.

Gina Christian is a multimedia reporter for OSV News. Follow her on X, formerly Twitter, at @GinaJesseReina.

The Church needs quality Catholic journalism now more than ever. Please consider supporting this work by signing up for a SUBSCRIPTION (click HERE) or making a DONATION to The Monitor (click HERE). Thank you for your support.


Related Stories

OSV News – The nation's largest Catholic health care system reported it experienced what it called a "cybersecurity incident" May 8, resulting in "a disruption to clinical operations." The cyberattack is part of a rising and dangerous criminal trend targeting the entire health care sector.

In a May 9 update posted to its website, Ascension said it had "detected unusual activity" in its network systems and was "working around the clock with internal and external advisors to investigate, contain, and restore our systems following a thorough validation and screening process."

The attack rendered unavailable Ascension's electronic health records system, along with "some phone systems, and various systems utilized to order certain tests, procedures and medications," according to the update.

Ascension said it had "temporarily paused" some nonemergency elective procedures, tests and appointments "out of an abundance of caution" while working to "bring systems back online."

"Due to downtime procedures, several hospitals are currently on diversion for emergency medical services in order to ensure emergency cases are triaged immediately," Ascension said.

"Safely caring for patients remains our highest priority as we navigate this cybersecurity incident," the health care system added. "We are actively supporting our ministries as they continue to provide safe, patient care with established downtime protocols and procedures, in which our workforce is well trained."

Ascension said it anticipated "utilizing downtime procedures for some time," and advised patients to "bring to their appointment notes on their symptoms and a list of current medications and prescription numbers or the prescription bottles so their care team can call in medication needs to pharmacies."

The health care sector is "particularly vulnerable" to cybersecurity attacks, according to the U.S. Department of Health and Human Services.

A recent HHS strategy report noted that health care facilities "are attractive targets for cyber criminals in light of their size, technological dependence, sensitive data, and unique vulnerability to disruptions."

Cyberattacks against health care systems are on the rise, according to the HHS, citing a 93% increase from 2018 to 2022.

HHS collaborates with the nation's Cybersecurity and Infrastructure Security Agency and Health Sector Coordinating Council Cybersecurity Working Group to strengthen defenses against such breaches.

The agencies collectively stress the need to be vigilant for attempts to gain unauthorized access to systems, denial of service (DOS) attacks lasting more than 12 hours, malicious code, email or mobile messages associated with phishing attempts, and ransomware targeting critical infrastructure.

Headquartered in St. Louis, the nonprofit Ascension was initially formed as Ascension Health in 1999 by the Daughters of Charity National Health System and the Sisters of St. Joseph Health System, joined by the Carondelet Health System in 2002.

Over the years, a number of health care organizations have joined Ascension, which now operates at more than 2,600 sites in 19 states and the District of Columbia.

Ascension's original sponsoring organizations were the St. Louise Province of the Daughters of Charity of St. Vincent de Paul, the Sisters of St. Joseph of Nazareth (now part of Congregation of St. Joseph), the Congregation of the Sisters of St. Joseph of Carondelet, the Congregation of Alexian Brothers and the Sisters of the Sorrowful Mother.

In 2011, the Vatican approved the creation of a canon law entity known as a "public juridic person" as the sole sponsor of Ascension, assuring the health care system "as a ministry will be sustained and strengthened over time, with both religious and lay persons serving as members," according to Ascension's website.

Gina Christian is a multimedia reporter for OSV News. Follow her on X, formerly Twitter, at @GinaJesseReina.

The Church needs quality Catholic journalism now more than ever. Please consider supporting this work by signing up for a SUBSCRIPTION (click HERE) or making a DONATION to The Monitor (click HERE). Thank you for your support.

Have a news tip? Email [email protected] or Call/Text 360-922-3092

e-Edition


e-edition

Sign up


for our email newsletters

Weekly Top Stories

Sign up to get our top stories delivered to your inbox every Sunday

Daily Updates & Breaking News Alerts

Sign up to get our daily updates and breaking news alerts delivered to your inbox daily

Latest Stories


Pope: Humility is the 'gateway to all virtues’
Though not found on the classical list of cardinal or theological virtues, ...

Pope: Palliative care is 'concrete sign' of solidarity with those who are suffering
Palliative care seeks "to alleviate the ...

St. John Vianney softball rallies to win SCT title game
The process has been completed.

The Solemnity of the Most Holy Trinity
This Sunday, the Church throughout the world celebrates the ...

Knights' success built on founder's desire for charity
In many ways, Father Michael J. McGivney was just ...


The Evangelist, 40 North Main Ave., Albany, NY, 12203-1422 | PHONE: 518-453-6688| FAX: 518-453-8448
© 2024 Trenton Monitor, All Rights Reserved.